February 25, 2014

WiFi Networks Could Be Used To Transmit Computer Viruses

University of Liverpool researchers have demonstrated how computer viruses could go airborne over WiFi networks.

The team has shown for the first time how WiFi networks could be used to make a computer virus contagious through the air, moving through densely populated areas as effectively as the common cold.

The researchers designed a virus known as “Chameleon” and simulated how it could move through these networks. They found that not only can Chameleon spread quickly between homes and businesses, but it was able to avoid detection and identify WiFi access points that are not protected by encryption and passwords.

The computer scientists performed a simulated attack on Belfast and London in a laboratory setting, finding that Chameleon behaved like an airborne virus by traveling through WiFi networks that connect households and businesses.

Densely populated areas have more access points in closer proximity to each other, meaning the virus propagated more quickly across networks connected within a 30- to 200-foot radius.

“When ‘Chameleon’ attacked an AP (access points) it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” Alan Marshall, Professor of Network Security at the University, said in a statement. “The virus then sought out other WiFi APs that it could connect to and infect."

The virus was able to avoid detection from current systems that look for viruses that are found on the Internet or on computers because Chameleon is only present in the WiFi network. Although many access points are encrypted and password protected, the virus was able to move to find those which were not strongly protected, such as those WiFi networks found in coffee shops and airports.

"WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” says Marshall, co-author of the paper published in the EURASIP Journal on Information Security.

"It was assumed, however, that it wasn't possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely," Marshall concluded.